ipfw reass brakes ipv6 operation
Emil Muratov
gpm at hotplug.ru
Fri Oct 28 15:29:50 UTC 2011
Hi all
I've got into some strange behavior with ipv6. Somehow ipfw reassembly
totally brakes it's operation.
As soon as I add a rule "ipfw add 100 reass all from any to any in" all
ipv6 operation is not available any more,
I can only ping6 localhost. Outgoing ipv6 packets are OK, I can see them
via tcpdump on an interface stf0 and after that leaving encapsulated in
ip4 through another interface. But all incoming ipv6 packets are
blackholed. I can see them arriving as an encapsulated payload in ip4
and after that they disappear. I don't know if this a bug or a feature,
using "ipfw add reass ip4 from any to any in" works as a workaround.
Shouldn't reass just pass ipv6 packets intact? Or if it is a feature
than maybe there should be a note in IPFW(8) man page to not to use
reass for anything except ip4?
Thanks.
More information about the freebsd-ipfw
mailing list